RE: Fragment packets

From: Ramy Sisy (ramysisy@inspiredmaster.com)
Date: Fri Sep 12 2008 - 17:26:46 ART


Hi Mohamed,
Would you please share this question?

BEST REGARDS,

RAMY SISY | CCIE II (SECURITY, ROUTING/SWITCHING)#17321, CCSI#30417
CCIE PROGRAM MANAGER

INSPIRED MASTER | INSPIRING CREATIVE THINKING... | WWW.INSPIREDMASTER.COM
INSPIRED KNOWLEDGE BLOG | WWW.INSPIREDK.COM
E. RAMYSISY@INSPIREDMASTER.COM

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Mohamed Tandou
Sent: Friday, September 12, 2008 6:42 AM
To: ccielab@groupstudy.com
Subject: Fragment packets

Hello GS,
I was reading the Doc CD about fragments. Here is what they say in their example:

The first statement will match and deny only noninitial fragments destined
for host 1.1.1.1.
The second statement will match and permit only the remaining nonfragmented
and initial fragments that are destined for host 1.1.1.1 TCP port 80.
The third statement will deny all other traffic. In order to block
noninitial fragments for any TCP port, we must block noninitial fragments
for all TCP ports, including port 80 for host 1.1.1.1.

access-list 101 deny ip any host 1.1.1.1 fragments
access-list 101 permit tcp any host 1.1.1.1 eq 80
access-list 101 deny ip any any

My question is: do we have to specify port 80? In one of the
InternetworkExpert labs they did not specify port 80. Maybe it is a different
scenario, I don't know. Can someone light it up for me?

Thanks

Mohamed




This archive was generated by hypermail 2.1.4 : Sat Oct 04 2008 - 09:26:18 ART